“Enhancing Cybersecurity in Austria” (2018-AT-IA-0111)


In 2018, CERT.at applied for another EU-supported project, "Enhancing Cybersecurity in Austria" (2018-AT-IA-0111), as a follow-up to "Strengthening the CERT Capacity and IT security readiness in Austria" (CEF 2016-AT-IA-0089) and as part of the Connecting Europe Facilities (CEF) program. The application was accepted for the full amount, which means that 75% of the costs are funded. The project ran from September 2019 to August 2021.

It enhanced human resources, training and tool development, and extended the server and security architecture of CERT.at.

The project covered internal enhancements as well as adaptations for international collaboration with European CERTs. For example, the integration and inclusion in "MeliCERTes", another EU-funded project for collaboration between European CERTs, was a major part of the project.

A special focus was research (data science), the automation of existing data sets and the extension of our own data sources for incident management, in cooperation with the Research & Development Team ("R&D") of nic.at.

Last but not least, the further development of IntelMQ in the international context, as well as in cooperation with CERT.pl's tool "n6", was supported.

“Strengthening the CERT Capacity and IT security readiness in Austria” (2016-AT-IA-0089)


In 2016, CERT.at (with its parent company nic.at GmbH) applied for funding from the Connecting Europe Facilities (CEF) program in the category "Cyber Security". The aim of the 2016-AT-IA-0089 program was to prepare national CERTs/CSIRTs for the NIS directive. It was thus possible to find and address weaknesses with respect to the (at that time upcoming) NIS directive.

One of the biggest concerns affecting CERTs/CSIRTs (and actually the whole IT security industry) is the lack of qualified personnel. The "handling" of security incidents for Austria with respect to the Internet (for a definition, see our German annual report of 2019) always requires more resources than are available. Consequently, one of the main focus areas of the project was the automation of incident handling. Various data feeds of incidents (very often Open Source Intelligence; sometimes data feeds are only shared with national CERTs) are collected, fetched, pre-processed, filtered and enhanced with more information. The enriched and sanitized data feeds are then grouped by network operator and sent to the operators on a daily basis. More information can be found on our website as well as in our annual report of 2019 in the section on the data basis.

This automation was successfully completed as part of the CEF project between September 2017 and September 2019. All work has been published as open source on GitHub at https://github.com/certtools/intelmq and is available to all CERTs/CSIRTs and other interested parties; see also our annual report of 2019 in the section on IntelMQ. The software is already in use by various parties, and there were about 200 installations of IntelMQ that we knew of as of the end of 2019.

Further aspects of the CEF-2016-3 project were temporary additional employees for CERT.at, the creation of a NIS reporting portal, server hardware, travel for networking with other CERTs/CSIRTs and training for CERT.at employees.

Participation in research projects

InduSec

CERT.at took part in the project "InduSec", started in 2019 by SBA Research. Its main focus is to bring IT and OT to the same level with respect to security. More information can be found on the website of SBA Research.

ACCSA (KIRAS)

CERT.at participated in Austrian Cyber Crisis Support Activities (ACCSA), which aimed to prepare state-level actors in national cyber-crisis management ("Cyber-Krisenmanagement", CKM) for cyber crises with comprehensive teaching, training and analysis concepts, in order to minimize reaction times and error rates in the event of a real cyber crisis. More details can be found on the website of KIRAS.